WhatsApp is suing the Israeli hacking company NSO Group in US federal court, the head of WhatsApp, Will Cathcart, announced in the Washington Post today.
WhatsApp accuses NSO Group of exploiting a vulnerability to target approximately 1,400 phones and devices with “malware designed to infect with the purpose of conducting surveillance on specific WhatsApp users.” You can read the complaint here from WhatsApp, which is owned by Facebook.
The hack allowed NSO Group and its customers to spy on messages, emails, and phone calls, as well as the cameras and microphones of the devices in question.
NSO Group, owned by the parent company Q Cyber Technologies, is an Israeli firm that’s become a world leader in building malware that targets mobile phones and devices. It operates around the world and with a wide variety of governments.
The list of publicly known customers and victims has made NSO infamous: Ahmed Mansoor, a human rights activist in the United Arab Emirates, is serving a 10-year prison sentence after NSO malware was reportedly used to repeatedly spy on him.
Researchers at the University of Toronto’s Citizen Lab have investigated and reported on the “journalists, human rights activists and defenders, lawyers, international investigators, political opposition groups, and other members of civil society” they say have been targeted by NSO Group malware.
The company was recently sold to Novalpina Capital and has since publicly stated it would adhere to United Nations principles, but Citizen Lab says the abuses have continued.
A tech giant suing NSO Group is a virtually unprecedented step, which will test a hacking industry that has been expanding in recent years.
NSO Group did not respond to a request for comment.
Cathcart added that tech giants should join UN Special Rapporteur David Kaye’s recent call for an immediate moratorium on the sale, transfer, and use of surveillance tools like NSO Group malware.